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the validation database for storing the data for accessing the remote service provider, the 
universal session manager communicating with the validation database to obtain the data; and 
\y ^ wherein the host service provider directs the user to the selected one of the plurality of 
remote service providers using the data. 



/ 

Claims 16-18 have been added as follows: 



^16. The method of claim 1 , wherein the two-sided authentication is a triple 
handshake.-sf" 

*) i 

tA17. The method of claim 16, wherein the remote service provider is a distinct remote 
site from the host service provider. 

A8. The system of claim 7, wherein the two-sided authentication is a triple 
handshake. 

REMARKS 

Claims 1-7, 9-15 and 16-18 are pending in this application. By this Amendment, claims 
1 and 7 are amended and claims 16-18 are added. Support for the amendments to the claims may 
be found in the application on page 6, lines 4-16, and page 9, line 16 - page 10, line 17 and in the 
drawings, for example. Reconsideration and allowance in view of the following remarks are 
respectfully requested. 

I. THE CLAIMS DEFINE PATENTABLE SUBJECT MATTER 
A. The Rejection of Claims 1-4, 6, 7 and 9-15 

1. The Rejection Based on U.S. Patent No. 6,205,481 to Heddaya et al. 

In paragraph 3, the Office Action rejects claims 1-4, 6, 7 and 9-15 under 35 U.S.C. 
§102(e) as being clearly anticipated by U.S. Patent No. 6,205,481 to Heddaya et al. (Heddaya). 
The Office Action's reliance on Heddaya is not understood by Applicant. That is, the Office 
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Action appears to reject claims 1-4, 6, 7 and 9-15 applying Heddaya. However, the comments in 
the Office Action do not appear to relate to Heddaya, but rather relate exclusively to the Lavey 
patent, discussed below. Further, the teachings of Heddaya appear to relate to different 
technology than the present invention, i.e., Heddaya relates to a protocol for distributing fresh 
content among networked cache servers. 

As a result, the Office Action's reliance on Heddaya is not understood by Applicant. 
Accordingly, the teachings of Heddaya have not been further addressed in the remarks below. 
The Examiner is respectfully requested to clarify the reliance upon the Heddaya patent. 

2. Lavey Fails to Teach or Suggest the Claimed Invention 

The remarks in paragraph 3 of the Office Action appear to relate to U.S. Patent No. 
6,023,698 to Lavey et al. (hereinafter "Lavey"). It is respectfully submitted that Lavey fails to 
teach or suggest the features of claim 1 for the reasons set forth below, as well as the reasons set 
forth in the July 25, 2002 Amendment. 

Claim 1 recites a method for accessing one of a plurality of remote service providers 
across a network via a single login to a host service provider, each of the plurality of remote 
service providers being accessible through the host service provider and each of the plurality of 
remote service providers having separate login procedures requiring data, the method comprising 
the steps of the host service provider receiving the single login from a user, the host service 
provider having a universal session manager; the universal session manager retrieving data from 
a validation database based on the single login to the host service provider, wherein the data is 
effective for accessing a selected one of the plurality of remote service providers, and wherein 
the data is based at least in part on the single login; the universal session manager transmitting 
said data to the remote service provider, the universal session manager and the remote service 
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provider exchanging the data to effect a two-sided authentication; and the host service provider 
directing the user to the remote service provider. 

The Examiner is respectfully requested to reconsider the rejection as set out in the 
October 18, 2002 Office Action. As reflected in claim 1, the teachings of Lavey are substantially 
different then the present invention. It is respectfully submitted that the Office Action's 
interpretation of the teachings of Lavey vis-a-vis the invention of claim 1 is misplaced. 

The Office Action asserts in paragraph 3 that Lavey discloses the steps of the host service 
provider (23 Fig. 2A) receiving the single login, the service provider having a universal session 
manager (i.e., using server system 40 Fig. 2B to process data information and user validation). 
The Office Action further asserts Lavey teaches the universal session manager retrieving data 
from a validation database based on the single login to the service provider, wherein the data is 
effective for accessing a remote service provider and is based at least in part on the received 
username and password. The Office Action further asserts that Lavey teaches transmitting data 
to the remote service provider and directing the user to the remote service provider. 

Further, in paragraph 7, the Office Action again asserts that Lavey discloses the service 
provider having a universal session manager (i.e., using server system 40 Fig. 2B to process data 
information). As a first point, the Examiner is respectfully requested to clarify this assertion of 
paragraph 7. What does the Office Action mean by the phrase "the service provider having a 
universal session manager (i.e., using server system 40 Fig. 2B. . .). Applicant respectfully 
requests clarification as to what components of Lavey in the rejection are intended to constitute 
the claimed (1) "host service provider", having a (2) "universal session manager"; the claimed 
(3) "validation database" and the claimed (4) "remote service provider." On page 4, line 2, the 
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Office Action appears to assert with respect to claim 7 that the "validation database" of the 
claimed invention is Lavey's element 43. 

It is respectfully submitted that there are various deficiencies with the assertions as set 
forth in the Office Action. Referring to Fig. 2A, Lavey discloses a client application 20, an 
internet service provider 23, and that information types (21, 24 and 25) are available on an online 
server. Referring to Fig. 2B of Lavey, Lavey teaches a client system 30, an internet service 
provider 36, and a host server system 40. These components of Lavey as shown in Fig. 2A and 
2B are discussed in detail in the Amendment filed July 25, 2002. 

As noted above, the Office Action asserts that the service provider has a universal session 
manager (i.e., using server system 40 Fig. 2B to process data information and user validation). 
Applicant submits that Lavey teaches that host server system 40 includes a processor 41 
connected in a well-known manner to a memory 42 and to a database 43. Memory 42 stores 
instructions, such as scripts, and information that together provide token handlers for tokens 
received from Internet 37. Lavey describes that processor 41 uses the instructions and 
information stored in memory 42 to operate on received tokens in accordance with the 
appropriate token handler, and that when an object request token is received and validated by the 
appropriate token handlers, processor 41 accesses database 43 in a well-known manner for 
retrieving the requested objected. However, Applicant notes that all such processing takes place 
in the server system 40 of Lavey. 

In contrast, the claimed invention recites that the "host service provider having a 
universal session manager" and that "the universal session manager retrieving data from a 
validation database based on the single login to the host service provider" and further that "the 
universal session manager transmitting said data to the remote service provider." If the Office 
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Action is interpreting Lavey* s components (40, 41, 42 and 43) to somehow constitute the 
claimed "universal session manager" and/or the claimed "validation database" then, it is 
respectfully queried, what does the Office Action contemplate is the claimed "remote service 
provider?" 

That is, the Office Action's interpretation leaves the recitation "the universal session 
manager transmitting said data to the remote service provider; and the host service provider 
directing the user to the remote service provider" meaningless. Lavey fails to disclose a 
universal session manager retrieving the recited data (for accessing a remote service provider) 
and the universal session manager transmitting "said data" to the remote service provider. If the 
Office Action is interpreting Lavey' s server system 40 to constitute the claimed universal session 
manager, then what "remote service provider" does the Office Action contemplate that "said 
data" is being transmitted to? That is, Lavey teaches that the database 43 (i.e., what the Office 
Action appears to assert is the validation database) is already in the server system 40. 

Also, the language of claim 1 recites "the host service provider having a universal session 
manager." Claim 1 does not recite that the "remote service provider" has the universal session 
manager. Accordingly, Applicant respectfully submits that Lavey fails to teach or suggest each 
and every limitation of claim 1 . 

In further explanation of the differences between the claimed invention and the teachings 
of Lavey, in column 9, lines 11-19, Lavey teaches that user identification information, or some 
other information, such as a CD-key, is included in a string that is sent to the online site when 
resources are requested. Each user can be assigned a password for gaining access to the online 
site and for user tracking purposes. The first time that a user accesses an online site, a new 
account is created and associated with the user registration information. Lavey further describes 
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that subsequent accesses to the online site can track the user as a registered user. Applicant 
submits that the discussed "online site" is Lavey's web server of Fig. 2 A or Lavey's server 
system 40 of Fig. 2B. The creation of the new account, for example, is processed in the online 
site. Such processing does not take place in the internet service provider 36. 

For at least the above reasons, Applicant respectfully submits that independent claim 1 
defines patentable subject matter. Further, Applicant submits that independent claim 7 defines 
patentable subject matter for reasons similar to those discussed above with respect to claim 1. 

Claims 2- 4, 6 and 9-15 variously depend from the independent claims and therefore also 
define patentable subject for the reasons set forth above with respect to the independent claims, 
as well as for the additional features such dependent claims recite. 

For example, claim 2 recites the step of connecting to a trusted service provider having 
special access requirements, wherein a trusted service module acts as an intermediary between 
the host service provider and the trusted service provider. In the July 25, 2002 Amendment, 
Applicant respectfully requested that the Examiner clarify the specific teachings of Lavey that 
are used in the rejection, i.e., so as to assertedly teach the "trusted service module" and the 
"trusted service provider." Applicant asked for clarification as to what components of Lavey the 
Examiner believes teaches the "trusted service module" and the "trusted service provider." 
However, in the present Office Action, the Office Action again simply asserts that Lavey 
discloses that a trusted service module acts as an intermediary between the host service provider 
and the trusted service provider (i.e., helping to select an appropriate ISP). The Office Action 
refers the Applicant to Fig. 4 and col. 6, line 24 - col. 9 line 49). 

However, Fig. 4 and the designated portions of Lavey simply deal with an online site 
interacting with a client application, and aspects of using an Internet service provider, i.e., such 
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as selecting a different ISP (see column 9, line 2). For example, in column 6, lines 24-36, Lavey 
describes that information passed to an online resource site from an application incorporating the 
present invention are HTTP tokens containing information for gaining access to the online 
resource site and for gaining access to the requested information. Lavey describes there are three 
token types used by the present invention: a registration token, an identification token and an 
object request token. A registration token is used the first time that a user connects to an online 
resource, or whenever registration information changes, such as when a new ISP is selected; an 
identification token is used the first time during each session that a user requests an online 
component, thus identifying the user to the online resource; and an object request token is used 
for requesting objects from an online resource. Further, Fig. 4 simply shows a flow diagram for 
an online object request process according to Lavey' s invention. Lavey fully fails to teach or 
even suggest claim 2's feature of a "trusted service module acts as an intermediary between the 
host service provider and the trusted service provider." As was requested in the July 25, 2002 
Amendment, Applicant respectfully requests clarification as to what components of Lavey teach 
these recited features. 

Further, claim 1 has been amended to include the feature that "the universal session 
manager and the remote service provider exchanging the data to effect a two-sided 
authentication." Further, dependent claim 16 is added to recite that the two-sided authentication 
is a triple handshake. Also, dependent claim 17 recites that the remote service provider is a 
distinct remote site from the host service provider. Such features further define over the 
teachings of Lavey. 

For the reasons discussed above, as well as the reasons set forth in the July 25, 2002 
Amendment, Applicant respectfully submits that Lavey fails to teach or suggest the features of 
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claims 1-4, 6, 7 and 9-15. Reconsideration and withdrawal of the rejection under 35 U.S.C. 102 

is respectfully requested. 

B. The Rejection of Claim 5 

In the Office Action, claim 5 is rejected under 35 U.S.C. § 103(a) over Lavey. This 
rejection is respectfully traversed as the rejection pertains to amended claim 1. 

The Office Action asserts that Lavey does not specifically disclose a cookie, but that 
using a cookie to identify users in a Web server is generally well known in the art. The Office 
Action asserts that it would have been obvious if not inherent to one of ordinary skill in the art at 
the time the invention was made to implement a cookie in Lavey' s computer system to control 
users' account information. 

It is respectfully asserted that even if it were obvious to somehow use a cookie in the 
Lavey system, such use would fall far short of curing the deficiencies of the teachings of Lavey 
vis-a-vis claim 1, as is discussed above. Accordingly, the teachings of Lavey with or without use 
of a cookie fail to teach or suggest the features of claim 1. 

Accordingly, for at least the above reasons, Applicant respectfully submits that 
independent claim 1 defines patentable subject matter. Claim 5 depends from independent claim 
1 and therefore also defines patentable subject matter for the reasons set forth above with respect 
to claim 1, as well as for the additional features claim 5 recites. Reconsideration and withdrawal 
of the rejection under 35 U.S.C. 103 is respectfully requested, 
n. CONCLUSION 

For at least the reasons outlined above, Applicant respectfully asserts that the application 
is in condition for allowance. Favorable reconsideration and allowance of the claims are 
respectfully solicited. 
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For any fees due in connection with filing this Response the Commissioner is hereby 
authorized to charge the undersigned's Deposit Account No. 50-0206. 

Should the Examiner believe anything further is desirable in order to place the 
application in even better condition for allowance, the Examiner is invited to contact Applicant's 
undersigned representative at the telephone number listed below. 




Hunton & Williams 
1900 K Street, N.W., Suite 1200 
Washington, D.C. 20006-1109 
(202) 955-1500 

Dated: March 18, 2003 
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APPENDIX 

1 . (Thrice amended) A method for accessing one of a plurality of remote service 
providers across a network via a single login to a host service provider, each of the plurality of 
remote service providers being accessible through the host service provider and each of the 
plurality of remote service providers having separate login procedures requiring data, the method 
comprising the steps of: 

the host service provider receiving the single login from a user, the host service provider 
having a universal session manager; 

the universal session manager retrieving data from a validation database based on the 
single login to the host service provider, wherein the data is effective for accessing a selected one 
of the plurality of remote service providers, and wherein the data is based at least in part on the 
single login; 

the universal session manager transmitting said data to the remote service provide r, the 
universal session manager and the remote service provider exchanging the data to effect a 
two-sided authentication ; and 

the host service provider directing the user to the remote service provider. 

7. (Thrice amended) A system for accessing one of a plurality of remote service 
providers via a single login to a host service provider, each of the plurality of remote service 
providers being accessible through the host service provider and each of the plurality of remote 
service providers having separate login procedures requiring data, the system comprising: 

a user system having a network data acquisition module; 

a plurality of remote service providers; 
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a host service provider for receiving the single login, the host service provider having a 
universal session manager; 

the universal session manager receiving data from a validation database based on the 
single login to the host service provider, the universal session manager passing the data, which is 
required for access to the remote service provider, to the remote service provide r, the universal 
session manager and the remote service provider exchanging the data to effect a two-sided 
authentication ; and 

the validation database for storing the data for accessing the remote service provider, the 
universal session manager communicating with the validation database to obtain the data; and 
wherein the host service provider directs the user to the selected one of the plurality of remote 
service providers using the data. 

*** END OF APPENDIX *** 
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